Increasingly, enterprises are supporting “bring your own device” (BYOD) policies for employees whereby the employees use their personal mobile devices to connect to enterprise networks. By connecting to an enterprise network, employees can receive a desktop environment, embedded in a web browser or application executed by their personal mobile devices, that facilitates access to allowed enterprise web applications. In order to manage the mobile devices, compliance policies are established, and enforced by mobile application manager (MAM) devices, for example, that determine the web applications that are deployed or allowed, and security policies that are implemented and maintained for each of the mobile devices based on their characteristics (e.g., geographic location) or characteristics of the associated users (e.g., enterprise role).
Enrolled mobile devices and associated identified users can change characteristics over time. For example, a mobile device may be in an unsecured location at various times and employees may change roles or groups within an enterprise. Accordingly, enterprises periodically perform compliance checks to determine whether there has been any change to characteristics of the enrolled mobile devices or associated users that requires a change to deployed applications or security settings, for example. Enforcement of the compliance policy during the compliance check can result in identifying violations and marking associated mobile devices as out of compliance.
However, marking a mobile device as out of compliance generally results in denying access to enterprise resources, such as web applications, and associated downtime for a user. Additionally, the user may have to contact information technology services to determine how to regain compliance, and other overhead may result from marking a mobile device as being out of compliance. Unfortunately, there is currently no effective method for reducing the number of compliance violations, and associated mobile devices that are marked as out of compliance, or the resulting user downtime.